Walling off Asian E-mail to Prevent Spam
SomeoneYouDontKnow writes: "Seems there's been lots of spam news lately. This piece from Wired describes how frustrated sysadmins in the West are responding to a torrent of Asian spam by simply refusing all e-mail from that part of the world. As anyone who's ever reported spam to Asian ISPs can attest, getting a response of any kind is almost impossible, so some ISPs are simply giving up on receiving any mail from them. Setting up barriers like this is regrettable, but when the originating ISPs refuse to take responsibility for the actions of their users or close their open mail servers, there would seem to be no other choice. Has anyone ever had any kind of constructive conversation with one of these ISPs to see why they are unable or unwilling to do anything?"
Re:Setback for the net? (Score:2, Informative)
I guess this affects Asian businesses more than the local folks. When businesses start to complain to their ISP why they can't send any mails to their western counterparts, maybe the ISP will start to listen.
Some ISPs there have very under qualified admin (the good ones moved here to the US
Rather than 1/4 of the world (Score:3, Informative)
[1] Bye bye Yahoo, AOL, Hotmail for a start.
SHOCK! HORROR! journalism (Score:5, Informative)
- frustrated sysadmins in the West are responding to a torrent of Asian spam by simply refusing all e-mail from that part of the world [says Slashdot]
Anti-spam activists confirm that a growing number of beleaguered systems administrators are now blocking all e-mail originating from Asia from their systems [says the article]
Bollocks, says anyone reading it with a critical eye. There are no references or sources for this sweeping "all Asian email" statement. The single reference is to Spamhaus [spamhaus.org] which implements selective listing of domains that persistently generate or carry spam and decline to respond to spam reports. Most of their listed ISPs are currently US based. There is specific mention of two Chinese ISPs, and none from any other Asian nation.
To make a story out of this, you have to cite metrics. The fact that Spamhaus are currently blacklisting China Telecom no more proves that "the west" is blocking "the east" than a story about anyone temporarily blacklisting AOL (again) proves that there is some mass move to block "the west".
Without giving metrics, you're just providing anecdotes. Persuasive anecdotes, sure, that probably appeal to our personal experiences, but those are the most dangerous kind, because they stop you looking for the real story and asking the real questions.
The real question here isn't "Why do Spamhaus currently blacklist China Telecom?" but "Why don't Spamhaus currently blacklist Roadrunner?" or any of another half dozen ignorant ISPs that deny that they are injecting spam even in the face of unequivocal header evidence. Perhaps we in the "west" (sweeping-generalisations-r-us) could go about cleaning up our own house before we go gunning for those coming late to the party.
Re:No response to complaints after receiving spam (Score:3, Informative)
Re:Constructive dialogs (Score:1, Informative)
Basically, what they have in mind is at the top level of escalation we threaten the ISP with "fix your problem or we will discard *any* packets going to and from your IP space if it touches our edge routers." For those not clued up on this, this means that the Asian ISP (and all of its customers) will effectively cease to exist for us, our customers, and anyone totally unconnected with us who just happens to try and route across our IP space. We've actually done this with one major Asian ISP who told our MD in quite lucid, albeit very offensive, English that they would not deal with one of their customers who was being especially unsociable and to mind our own business. His response was basically "The Internet is very much about cooperation, so if you won't cooperate with us, why should we cooperate with you? Goodbye!"
Sadly, APNIC seems just as unwilling to help as some of the ISPs they issue space to - a far cry from RIPE in my experience, who quite frequently contact us regarding abuse issues. It's definitely getting near the point that an "Internet Death Sentence" is going to become a topic of serious discussion IMHO. It's not the spammers that are the real problem here; it's the Asian SysAdmins that are giving them a haven and providing them with the open relays, either deliberately or through ignorance, that need to be convinced to wise-up and stop burying their collective heads in the sand.
Re:I can't disagree more (Score:5, Informative)
Do the reading. Despite the shrieking tone of the article, what we are talking about here is Spamhaus [spamhaus.org] blacklisting China Telecom, not "all Asian ISPs". That's the entire story. And Spamhaus themselves suggest that their list should be used in conjunction with an open relay list.
Re:Over reacting (Score:3, Informative)
Spam, while annoying, is not the end of the world.
Maybe for you. But read the article. There are mail admins who receive more than a hundred spam requests per second from Chinese IP addresses. That adds up to REAL money, really quickly. Adding the addresses to this database still costs bandwidth, since you have to receive all the headers before you can run your spam check.
Global blocking of the connecting IP range means you can do it from the first SYN packet.
Re:Over reacting (Score:2, Informative)
Remember that the next time your connection seems a little slow.
Good spam blockers don't just filter the email; it's already wasted bandwidth and resources at that point. Good spam blockers such as rblsmtpd from the qmail package drop the connection as soon as a blacklisted IP connects, with an error message for those sending legitimate mail.
For example, a blacklisted IP hitting my mail server sees:
"553 <see http://www.vh.org/rbl.html> Email not accepted from IP address:61.99.120.39"
SPAMMERS, who typically use FRAUDULENT Reply-to headers, will never see this error, while legitimate email senders will and will be able to plead for the email to be delivered.
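The connect-time blocklist check that comment describes, sketched as an added example (not part of the original thread and not rblsmtpd's own code): the client IP is reversed, looked up under a DNS blocklist zone, and the 553 reply is chosen before any message data is accepted. The zone `dnsbl.example`, the policy URL, the greeting host name and the zone contents are constructed placeholders.

```python
import ipaddress
import socket

ZONE = "dnsbl.example"                     # placeholder zone (assumption)
INFO_URL = "http://mail.example/rbl.html"  # placeholder policy page (assumption)
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=ZONE):
    """61.99.120.39 -> 39.120.99.61.<zone>; raises ValueError on bad input."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """A-record lookup; NXDOMAIN or resolver failure gives no answers (fail open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listed(ip, resolver=system_resolver, zone=ZONE):
    answers = resolver(dnsbl_query_name(ip, zone))
    # Only answers inside 127.0.0.0/8 count as a listing. A resolver that
    # rewrites NXDOMAIN to a landing-page address would otherwise make
    # every client look listed.
    return any(ipaddress.IPv4Address(a) in LISTED_NET for a in answers)


def smtp_greeting(ip, resolver=system_resolver):
    """First line sent to the client, decided before any message data arrives."""
    if is_listed(ip, resolver):
        return f"553 <see {INFO_URL}> Email not accepted from IP address:{ip}"
    return "220 mail.example ESMTP"


# Constructed zone contents for an offline run (not real listings).
CONSTRUCTED_ZONE = {
    "39.120.99.61.dnsbl.example": ["127.0.0.2"],   # constructed listing
    "1.2.0.192.dnsbl.example": ["203.0.113.10"],   # rewritten NXDOMAIN, not a listing
}


def constructed_resolver(name):
    return CONSTRUCTED_ZONE.get(name, [])


if __name__ == "__main__":
    for client in ("61.99.120.39", "192.0.2.1", "198.51.100.7"):
        print(client, "->", smtp_greeting(client, constructed_resolver))
```

`system_resolver` fails open on lookup errors, so a blocklist outage lets mail through rather than rejecting everything; whether that is the right default depends on the site.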
Maybe they would respond if they could read it? (Score:2, Informative)
Re:Sadly, this is the only way to go (Score:3, Informative)
Re:Culture differences, etc. (Score:3, Informative)
Cultural homogeny is one of the most fascinating aspects of the internet. Sure, in much of Asia, it's traditionally a sign of respect to give an individual a hard copy of your business card. But that in itself is just the most recent evolution of a long tradition of formalised introductions and determining of relative position, and there's no reason to believe that spam will continue to be tolerated by users there (assuming this claim is true) once the novelty value wears off.
I'll go out on a limb to suggest that while UCE within Asia is perhaps currently viewed as synonymous with a business card, given time, when it is viewed in its own light (rather than as just being considered analogous to a traditional activity), it will be viewed with the same contempt and hatred that the rest of the world already has for it.
I'll draw a parallel with email in general in the US and Europe. For those coming late to the party, many early (80's and early 90's, and by the way, I was a Prestel user in the 80's, using my ZX Spectrum and breeze block modem) home and business users of email initially tended to treat it as a letter, starting with "Dear Bob", and taking care with spelling and punctuation. (Don't confuse this with academic users or l33t h4x0rz coming to the medium with a fair idea of what it was and why they wanted it). It took a while to evolve in popular consciousness into more of an informal and disposable post-it note or phone call analog, although really it's in a category all of its own.
So while it's easy for us to scoff in disbelief at the naivete of Asian users now, let's not forget those Dear Bob days. Global consensus will take a while to arrive. And lest we get too high and mighty, it might very well involve a shift in our perceptions as well.
You see, the thing that really bugs me about spam is that it's so moronic and illiterate. "!!!MAKE $$$ FAST!!!" it shrieks, and "you have, nothign to loose!". Call me strange, but if I were (ever, in theory) to receive a small, literate and polite spam that didn't lie about remove options or oversell itself, it just advertised a product, then I'd be far less inclined to spamcop it. The idea of a "business card" type spam is far less loathsome to me than yet another two hundred line "THIS IS NOT A PIRIMID SKAM!!!!!" monstrosity.
Re:Watch out with that scheme (Score:5, Informative)
Other things you can do with TMDA include:
Good luck.
Re:Ban Asia??? (Score:4, Informative)
Re:I Regularly Communicate With Chinese (Score:2, Informative)
Re:Why are open relays used at all? (Score:3, Informative)
I hope this has answered your questions.
Re:Sadly, this is the only way to go (Score:3, Informative)
This isn't cultural imperialism, it's a recognition of the fact that we need a shared language - *any* shared language - and English is a good choice for it. It uses a simple alphabet, has simple conjugation rules, and a well-known "international English" subset that's sufficient for most routine interactions.
It's also important to remember the flip side of this - native English speakers need to be able to understand the heavily accented and mangled English of non-native speakers. In some ways this is harder than learning Int'l English - the non-native speakers only need to learn one language, we have to learn dozens of variants.
Bottom line: any ISP larger than a 2-person shop should have employees able to understand the gist of these complaints and to respond. Their English may be broken, but that's sufficient for communications to occur.
Some first hand experience. (Score:3, Informative)
About 1.5 years ago I was working for iPlanet as a backline support person. The summer of 2000 we had a rash of Asian telcos running our e-mail server and crashing and burning.
So I got sent to Asia to try and figure out what was going on at our three largest telcos there, Unitel [unitel.co.kr] and Hanaro Telecom in Korea and Jiangsu Telecom (can't find their homepage at the moment) in China.
What I found in both cases was frightening. Pro-Serv had done a good job of implementing a mail system that would handle a normal user load just fine. But, in both cases the load was 5 times what was planned for. So the servers were dying under the load.
After very little investigation I found out that several of the subscribers were spamming via their ISP. When I first pointed this out to the powers that be there I got a blank reply along the lines of "So?".
As management and I delved into it the opinion that the ISP was forming was that these are customers, we can't just cut them off, they will leave and we will lose money.
I tried the normal counters like, "The abusers are bringing down the service for your normal subscribers. The normal subscribers are getting mad (some even started anti Unitel sites) and they're going to leave in droves if this keeps up. And then all you're going to be left with is a few subscribers who are costing you more in the long run. Bandwidth costs associated with the spamming, hardware upkeep for a few users, etc."
The sysadmins and techs got all this but management was so scared of losing a customer and that customer's money that they would not dare do a thing about it.
I ended up leaving both sites having accomplished stabilizing the systems as much as I could but not solving the actual problem, getting the ISP to come up with and enforce some terms of service.
So to me what it comes down to is capitalism run amok, especially in Korea. Management is so blinded by "making it big" they fail to see the real disaster looming on the horizon.
Don't blame uncaring techs, blame the top level for driving this thing into the ground.
At least I can say I had a great time visiting those countries and taking in the other parts of their real culture. But, July in Seoul is miserable.
Re:I wouldn't like that (Score:1, Informative)
With TMDA you have a number of options.
Of course this is susceptible to error, either false negatives which cause spam to end up in your mailbox, or false positives which cause legit email to end up in your spambox or deleted. I use spamassassin. I did not find any false positives, but about 2% false negatives. So I implemented TMDA to handle all email that falls through spamassassin. So far, it's kept my mailbox pretty spamfree.
Of course, you're right that all of this requires that legitimate people who want to talk to me may require an additional step. What I've found is that most people who do this are happy to get confirmation back that I exist and that their email really is getting to me. YMMV.
Good luck.
fight spam (Score:3, Informative)
Re:education is the solution (Score:3, Informative)
goto http://www.goto.com and do a search for bulk email then click the links to cost spammers big bucks